If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

You are telling .htaccess too look in the modify directory for .htpasswd. This is part of your problem. I have limited knowledge of .htaccess/.htpasswd, I use it quite seldom, however give that a try.. because it's definately part of your problem.. the AuthUserFile must line up with where .htpassword actually is.

IT Blog: .:Computer Defense:.PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

Wait, you say you created two files "htaccess.txt" and "htpasswd.txt". Aren't those supposed to be .htaccess and .htpasswd. I have a different setup, but I use a .htaccess file in the directory I don't want people to visit. I have it point to a file called passwords with no .txt or anything. I set it up using apache documentation on .htaccess. I used a combo of these two links for the setuphttp://httpd.apache.org/docs/howto/htaccess.htmlhttp://httpd.apache.org/docs/howto/auth.html
If I remember correctly you also have to edit some of your allow and deny thingies in the httpd.conf file. I have it to where if you access one of the user specific home pages e.g. /~user then you have to have a password. I just used this in the httpd.conf file.

Code:

#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
&lt;Directory /home/*/public_html&gt;
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
&lt;Limit GET POST OPTIONS PROPFIND&gt;
Order allow,deny
Allow from all
&lt;/Limit&gt;
&lt;LimitExcept GET POST OPTIONS PROPFIND&gt;
Order deny,allow
Deny from all
&lt;/LimitExcept&gt;
&lt;/Directory&gt;

All of that was originally commented out. You will have to do something similar most likely, unless for the main directory the .htaccess works by default. Hope this helps. Good luck.

You can password protect content in both the main and sub-directories of your DocumentRoot fairly easily. I know of cases where persons will allow normal access to their regular web pages, but require passwords for directories / pages that show MRTG or Webalizer data. In this example we'll show how to password protect the /var/www/html directory.

· Apache has a password utility called "htpasswd" which can create "username password" combinations independent of your system login password for web page access. You have to specify the location of the password file, and if it doesn't yet exist, you'll have to include a "-c" or "create" switch on the command line. I recommend placing the file in your /etc/httpd/conf directory, away from the DocumentRoot tree where web users could possibly view it. Here is an example for a first user named "peter" and a second named "paul":

· The "require user" tells Apache that only user "peter" in the “.htpasswd” file should have access. If you wanted all “.htpasswd” users to have access then you'd replace this line with require valid-user

· Set the correct file protections on your new .htaccess file in the directory /var/www/html.

[root@bigboy tmp]# chmod 644 /var/www/html/.htaccess

· Make sure your /etc/httpd/conf/http.conf file has an AllowOverride statement in a &lt;Directory&gt; directive for any directory in the tree above /var/www/html. In the example below, we want all directories below /var/www/ to require password authorization.